AUTHENTICATION FACTORS WITH PUBLIC-KEY INFRASTRUCTURE

US 20090037729A1
Filed: 08/03/2007
Published: 02/05/2009
Est. Priority Date: 08/03/2007
Status: Abandoned Application

First Claim

Patent Images

1. A user access control system for use in a computer systems having user authenticated accesses, the system comprising:

a workstation coupled to a computer network, the workstation operable to receive a request for an authenticated access to the computer network, and to prompt for and receive one or more credentials associated with the request;

a gating authentication server coupled to the computer network and operable to receive the one or more credentials provided through the workstation and to provide as a gating factor an authenticated credential as a gating factor in response to receiving and validating the one or more credentials; and

a public key infrastructure server coupled to the computer network and operable to generate private/public key pairs associated with the authenticated credential, wherein the private/public key pairs are generated after a request for access to the computer system has been received at the workstation and the gating authentication server has authenticated the one or more credentials provided through the workstation.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user access control system comprising a workstation coupled to a computer network and operable to receive a request for an authenticated access to the computer network, and to prompt for and receive one or more credentials associated with the request, a gating authentication server coupled to the computer network and operable to receive the one or more credentials and to provide as a gating factor an authenticated credential, and a public key infrastructure server coupled to the computer network and operable to generate private/public key pairs associated with the authenticated credential, wherein the private/public key pairs are either generated after a request for access to the computer system has been received at the workstation and the gating authentication server has authenticated the one or more credentials provided through the workstation, or the private/public key pairs are retrieved from a previously generated virtual smart card based on the authentication credential.

98 Citations

View as Search Results

25 Claims

1. A user access control system for use in a computer systems having user authenticated accesses, the system comprising:
- a workstation coupled to a computer network, the workstation operable to receive a request for an authenticated access to the computer network, and to prompt for and receive one or more credentials associated with the request;
  
  a gating authentication server coupled to the computer network and operable to receive the one or more credentials provided through the workstation and to provide as a gating factor an authenticated credential as a gating factor in response to receiving and validating the one or more credentials; and
  
  a public key infrastructure server coupled to the computer network and operable to generate private/public key pairs associated with the authenticated credential, wherein the private/public key pairs are generated after a request for access to the computer system has been received at the workstation and the gating authentication server has authenticated the one or more credentials provided through the workstation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The user access control system of claim 1, including a certificate authority coupled to the computer network and operable to receive the authenticated credential and a request for a temporal certificate, and to generate a temporal certificate associated with the authenticated credential.
  - 3. The user access control system of claim 1, including a virtual smart card server storage coupled to the computer network and operable to store a plurality of virtual smart cards and to receive allow access to a particular one of the virtual smart cards upon receiving the authenticated credential and a request for the particular virtual smart cards associate with the authenticated credential.
  - 4. The user access control system of claim 1, wherein the workstation is coupled to the computer network through a local area network.
  - 5. The user access control system of claim 1, wherein the workstation is coupled to the compute network through a wireless connection.
  - 6. The user access control system of claim 1, wherein the workstation includes a smart card driver operable to generate a given public/private key pair, and to make a Certificate Signing Request (CSR) to a certificate authority in order to have the certificate authority issue a temporal certificate based on the given key pair.
  - 7. The user access control system of claim 1, wherein the workstation includes a custom graphical identification and authentication module operable to prompt for and to collect the one or more credentials that are to be passed to the gating authentication server.
  - 8. The user access control system of claim 1, wherein the workstation includes a virtual smart card driver coupled to a smart card login application and operable to receive a temporal certificate and to provide the temporal certificate to the smart card login application with one or more responses indicative of a smart card insertion and removal event without having a physical smart card insertion or removal event occur that is associated with the temporal certificate.
  - 9. The user access control system of claim 1, wherein the workstation includes a smart card reader driver operable to generate smart card insertion and removal events that are then processed by a Winlogon process module included in the workstation.

10. A method of authenticating users requesting access on a computer network, the method comprising:
- receiving a request for authenticated access to a computer network;
  
  prompting for at least one user credential;
  
  receiving at least one credential in response to the prompt;
  
  validating the received at least one credential by providing an authenticated credentials if the received at least one credential is valid;
  
  requesting a temporal private/public key pair and a temporal certificate, wherein requesting includes submitting the authenticated credentials;
  
  receiving the authenticated credentials and generating a temporal private/public key pair and a temporal certificate associated with the authenticated credentials upon receipt of the authenticated credentials; and
  
  granting authenticated access to the computer network using the temporal certificate and the temporal private/public key pair.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein generating includes submitting the generated temporal certificate to a smart card driver in order to complete a smart card logon to the computer network based on the authenticated credentials and the temporal certificate.
  - 12. The method of claim 10, wherein receiving the at least on credential in response to the prompt includes receiving a user identification and a personal identification number.
  - 13. The method of claim 10, wherein receiving at least one credential in response to the prompt includes receiving a one-time password.
  - 14. The method of claim 10, wherein validating includes passing the received at least one credential to a gating authentication server.
  - 15. The method of claim 10, wherein validating the received at least one credential by providing authenticated credentials includes receiving an authentication token in response to the request if the received at least one credential is valid.
  - 16. The method of claim 10, wherein generating a temporal private/public key pair and a temporal certificate includes generating a public/private key pair, and providing the public/private key pair along with a certificate signing request to a certificate authority, the certificate authority operable to generate the temporal certificate based on the temporal private/public key pair.
  - 17. The method of claim 10, wherein generating the temporal private/public key pair includes generating the private/public key pair at a smart card driver based on the authenticated credentials received from an authentication server.

18. A method of authenticating users requesting access on a computer network, the method comprising:
- initiating a smart card logon process;
  
  receiving a request for authenticated access to a computer network;
  
  deceiving a smart card reader driver into believing that a smart card is present prompting for at least one user credential;
  
  receiving at least one credential in response to the prompt;
  
  validating the received at least one credential by providing authenticated credentials if the received at least one credential is valid;
  
  requesting a private/public key pair and a certificate based on the authenticated credentials;
  
  in response to the request for a private/public key pair and a certificate, presenting the authenticated credentials to obtain a temporal key pair and a temporal certificate;
  
  submitting the temporal key pair and the temporal certificate to the logon process as if it was read from a smart card; and
  
  granting authenticated access to the computer network using the temporal certificate and the authenticated credentials.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18, wherein obtaining the temporal key pair and the temporal certificate includes generating both the temporal key pair and the temporal certificate after receiving the at least one credential and after authenticating the at least one credential.
  - 20. The method of claim 18, wherein obtaining the temporal key pair and the temporal certificate includes:
    - using the authenticated credentials to gain access to a previously stored virtual smart card associated with the authenticated credentials, andreading a private/public key pair and a certificate from the previously stored virtual smart card associated with the authenticated credentials.
  - 21. The method of claim 18, wherein obtaining the temporal key pair and the temporal certificate includes:
    - using the authenticated credentials to gain access to a previously stored virtual smart card associated with the authenticated credentials,reading a private/public key pair from the previously stored virtual smart card associated with the authenticated credentials; and
      
      and generating a temporal certificate using the previously generated private/public key pair by providing the previously generated private/public key pair to a certificate authority.
  - 22. The method of claim 18, wherein responding to the request for a temporal certificate includes presenting the authenticated credentials in order to gain access to a certificate previously generated by a certificate authority and associated with the authenticated credentials.
  - 23. The method of claim 18, wherein the stored virtual smart card is stored on a virtual smart card sever storage that is operable to store a plurality of virtual smart cards associated with a plurality of different authenticated credentials.
  - 24. The method of claim 18, wherein the stored virtual smart card was generated in response to a previous request for access to the computer network.

25. A machine-readable medium comprising instructions stored on a computer memory, which when implemented by one or more processors perform the following operations:
- receiving a request for authenticated access to a computer network;
  
  prompting for at least one user credential;
  
  receiving at least one credential in response to the prompt;
  
  validating the received at least one credential by providing an authenticated credentials if the received at least one credential is valid;
  
  requesting a temporal private/public key pair and a temporal certificate, wherein requesting includes submitting the authenticated credentials;
  
  receiving the authenticated credentials and generating a temporal private/public key pair and a temporal certificate associated with the authenticated credentials upon receipt of the authenticated credentials; and
  
  granting authenticated access to the computer network using the temporal certificate and the temporal private/public key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Data Security (Israel) Ltd.
Original Assignee
SafeNet Data Security (Israel) Ltd.
Inventors
MacDonald, Ian, Zeltser, Alex, Smith, Lawrence

Application Number

US11/833,823
Publication Number

US 20090037729A1
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

AUTHENTICATION FACTORS WITH PUBLIC-KEY INFRASTRUCTURE

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION FACTORS WITH PUBLIC-KEY INFRASTRUCTURE

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links